You See, But What Do You Observe?
How Observation and Inference Skills Can Aid Investigations & Analytic Work by: Christina Lakati
Intelligence analysts and investigators are often given too little with which they are expected to find too much. Only a few pieces of available information are expected to lead to some missing pieces and eventually to actionable intelligence or the resolution of an investigation. This would be a dreadful and overwhelming task to many, but to most of us working in an investigative capacity, it is a challenge that hits right on a hunting instinct.
Often the start of an investigation involves some tried and tested processes and tools. The ones that we know will yield at least “something”, that will help us go further and collect more information or open more investigative avenues. But what happens when this process hits a wall, and you don’t know where to go from there? Or when you have a hunch that you cannot possibly explain?
It’s time for the investigative mind & instinct to lead the way.
Good observation & inference skills have time and again proven to be invaluable in the investigative process. Ignore cultivating these skills, and chances are that you are going to miss some pieces of the puzzle that you could otherwise have access to or could be essential.
For their importance, inferences remain a strange and relatively vague part of the process. They do not provide us with concrete conclusions. Still, they help one develop intrinsic insights and build a worthy hypothesis that can lead to the hunt for additional evidence/information or to some dark corners we otherwise wouldn’t have looked at.
Between us, seeing one thing and understanding five is simply an amazing skill to have.
There is a process to it, but let’s take it from the start.
Observations & Inferences, Abductive Skills:
Who hasn’t read or watched a Sherlock Holmes story and hasn’t marveled at his logic and reasoning process? It was the character of Sherlock Holmes that introduced to many the value of deduction skills. But did Sherlock truly employ deductive reasoning? Do we? Yes and no. There is a crucial detail involved.
A deduction is an “inference in which the conclusion about particulars follows necessarily from general or universal premises”*
An abduction (in reasoning) is “a syllogism in which the major premise is evident but the minor premise and therefore the conclusion only probable.”*
The difference between the two is that in deductive reasoning, the inferences must be drawn from concrete, factual information and necessarily be true. In contrast, abductive reasoning works with factual observations that then lead to a plausible hypothesis, an “educated assumption” as it’s called, or a “best plausible explanation”. The deduction, therefore, is based on facts and produces a fact, while abduction produces an educated guess and requires more evidence in support of its hypothesis. Sherlock Holmes mainly was conducting an abductive reasoning process. So do we.
For the outcome of his abduction reasoning to be as close to the truth as possible, Sherlock would start by observing the most obvious big or little details surrounding his case. How?
The observation process
Good observation includes any factual information that one can clearly observe through their 5 senses: (sight, hearing, smell, taste, touch). They help you notice as much of the salient information there is. So is employing each sense to the best of its capacity. For example, if in an Open Source Intelligence (OSINT) investigation you get to go through visual/auditory material, you would do your analysis a disservice if you only watch them once or twice. Replay the video by focusing on one sense at a time: Watch them in mute and try to draw as much (useful) visual information as possible. What are the body language and facial expressions of the person depicted? What is their background? Can you get information on their location? Can you see other people and assess the person’s potential relationship with them? Play the video a few more times using only sound and employ in-depth hearing. Listen to the primary voices/sounds, but also pay attention to any background sounds. Do you hear other people talking? What is their gender or other characteristics? Do you listen to noises that could give away geolocation data, such as sounds from a train or a plane taking off? Observation is a trainable skill that can only serve you well if you exercise it.
As one keeps exercising their observation skills, they start noticing more things. Otherwise subtle clues start becoming more and more apparent.
Observation is about seeing what matters and being able to decode it with speed and accuracy. While simply looking or hearing is a passive process, it does not create awareness. Observation is an active process of collecting, interconnecting, and decoding what you see, hear, smell, taste, and/or touch.
But…observation alone is not enough. There is another important component. We will remain in the Sherlock Holmes spirit and get into it through a fun fact about the origins of this fascinating character.
What The Origin of Sherlock Holmes Teaches Us About Good Observation & Abduction Skills
Sir Arthur Conan Doyle might have never come up with Sherlock Holmes’ characteristic thinking process if he hadn’t met and observed his own professor and mentor, Dr. Joseph Bell, during his medical studies.
”It is most certainly to you that I owe Sherlock Holmes and though in the stories I have the advantage of being able to place Sherlock in all sorts of dramatic positions, I do not think his analytical work is in the least exaggeration of some effects which I have seen you produce in the outpatient ward”, wrote Conan Doyle in a letter to Dr. Bell years later.
See, Dr. Bell was known at the time about his abductive reasoning & inference capabilities. He was able to aid his medical judgment by inferring (and validating, as the confirmation of an inference is always necessary) a person’s occupation or recent activities based on small but important details that he would observe. He was able to do that because, other than his medical education, Dr. Bell was also very knowledgeable in other areas such as geography and the cultures, the dialects, patterns of speech and behavior, the army, and more. He would combine his years of study and experience as a medical professional with his observational skills and diverse knowledge of people and the world to draw reasoned conclusions and diagnostics about a patient’s illness. An example that Conan Doyle gave in his memoirs:
Dr. Bell: “Well my man, you’ve served in the army”
Patient: “Aye, Sir”
B: “Not long discharged?”
P: “No, Sir”
B: “A highland regiment?”
P: “Aye, sir”
B: “A non-commissioned officer”
P: “Aye, Sir”
B: “Stationed at Barbados”
P: “Aye, Sir”
Dr. Bell had knowledge of the army’s behavioral patterns and the prevalence of elephantiasis in the British colonies.
He would explain to his colleagues: “You see, gentlemen, the man was a respectful man, but he did not remove his hat. They do not in the army, but he would have learned civilian ways had he been long discharged. He has an air of authority and he is obviously Scottish. As to Barbados, his complaint is of elephantiasis, which is West Indian and not British.”
To his audience of Watsons it all seemed very miraculous until it was explained, and then it was simple enough.
Conan Doyle added in his memoir: “It is no wonder that after the study of such a character I used and amplified his methods when in later life I tried to build up a scientific detective who solved cases in his own merits”.
But my favorite takeaway of this whole story is this: It is not good observational skills alone that make someone able to read people or situations “like open books” and making correct inferences takes a lot more than just that.
Observation combined with detailed and often diverse knowledge provides the bedrock for a more informed way of thinking and gives an edge in decoding people, actions, and situations correctly. Dr. Bell combined his diverse knowledge within his medical practice, and it gave him a unique professional perspective when he combined it with observation. We also apply these elements when we do OSINT-based investigative work, crime analysis, threat intelligence, profiling, and other types of work that require analytical thinking.
Good, educated inferences stem from the combination of observational skills and your overall knowledge and past experiences.
Employing Inferences in Your Investigative Process
Inferences are the explanation we assign to the things we observe through abductive reasoning, our “educated guesses”. Even when our information is incomplete (which is most often the case), we are able to make educated guesses about what is unknown through the observed facts and knowledgeable connections. They are important because they help us develop a hypothesis and open up new investigative pathways.
Intelligence professionals incorporate inferences during their research in both small and big ways. The experienced ones tend to do this subconsciously. They often have come across several cases with similar and differing characteristics. They are able to develop a rather accurate instinct when it comes to their search of evidence, developing and proving/disproving a hypothesis, or finding an answer to their case. Therefore for them, it is a somewhat automatic process.
However, when investigators/analysts have little or no facts available, they have to employ their intuition and abductive reasoning in a more explicit way. Sometimes cases will differ so much from one another that even recognized clusters of information might not lead to the same solution as previous cases might have. And, sometimes, the inference creation process must be an organized, intentional process that can be recalled, retraced, and shared.
To extract explicit information from implicit knowledge, you may use a process with 3 main steps:
Step 1. Collecting evidence in search of a hypothesis:
As mentioned at the beginning of this blog post, most investigators start with specific processes and tools when they start working on a case. This initial phase is essential, as it ensures that they can collect as much information as possible in a relatively unbiased way.
Step 2: Hypothesis in search of evidence:
Soon, they have some evidence with which they can start building one or more initial hypotheses. The investigator can draw inferences on the evidence that is already present to develop assumptions and consider new places to look at or what to look for. In essence, they open new investigative avenues in an effort to prove or disprove their initial hypothesis.
Step 3: Final Testing of Hypothesis
The hypothesis needs to be investigated. There are two possible outcomes: additional research and information/evidence gathered will either prove or disprove it. Either scenario helps an investigation move further. The better the quality of the inferences and thus hypothesis, the faster the resolution of the case.
Imagine a missing person’s case, for example. If the investigator’s initial evidence collection paints the hypothesis of a runaway case, there are still some connected assumptions that need to be investigated. Was the missing person on bad terms with the rest of their household that made them run away? If they were, is there also any additional evidence pointing to the existence of a third person that could potentially be pulling strings in the background? Did they want to make that person’s disappearance look like a runaway case only to ensure that they can get them under their sphere of control without starting a police investigation?
Many investigators and analysts choose to document through mind-mapping the explicit pieces of information that they discover. But some others include in their mind-maps the inferences that they make based on them. A good idea is to color code the inferences. You can go ahead and research them, looking for evidence that could prove or disprove each of them, and see where they take you.
This method can help externalize an otherwise largely internal mental mechanism in a manner that can be documented, preserved, re-traced, and shared but also critiqued by others.
And make no mistake, criticism can be very, very valuable.
The Trap: Confirmation Bias
“It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts.” — “A Scandal in Bohemia” (1891)
We could not possibly talk about observations and inferences without bringing the confirmation bias to the table. I have seen way too many people making an assumption and then sticking with it so hard that they cannot accept any evidence against it and even lose their sleep in their effort to make the pieces of the puzzle fit the way they want them to.
The confirmation bias is a cognitive bias that creates the tendency to look for and process information that confirms one’s existing beliefs (or hypotheses) and ignores the ones that refute them. This happens largely subconsciously. Therefore one needs to consciously battle this tendency and to be open in accepting feedback and testing competing hypotheses.
Yes, having the capability of identifying plausible inferences is a great asset, but we need to be aware of the shortcomings of our intuitive judgment.
A way to self-test our biases or avoid them as much as possible is to apply in our methodology some of the techniques taught in the “Structured Analytic Techniques for Intelligence Analysis” book by R.H. Pherson & R. J. Heuer. Specifically, look into the “Multiple Hypotheses Generation” and the “Analysis of Competing Hypotheses”. The “Reframing Techniques” discussed in chapter 8 of that same book would also be very useful. I will not get into each of them this time for the sake of not over-expanding this blog post. But do be aware of it, and do educate yourselves further on avoiding this trap.
It is no one’s favorite part of the process to try to think of all the ways they could be wrong, but it is also an incredibly enlightening and constructive process.
In the book A Study In Scarlet (by Arthur Donan Coyle, 1887), Sherlock Holmes criticizes Inspector Gregson’s investigative method by saying: “It is a mistake to confound strangeness with mystery”. He goes on to explain that Gregson, as well as many other investigators, let themselves get tangled into strange theories and mysteries upon encountering evidence that they cannot explain or that does not fit into their initial narrative. Instead, he insists, they should rather “focus on the simple facts surrounding it” — through observation.
We can be better investigators and analysts by taking a more pragmatic look. We can do this by focusing on what we can readily observe and then move into a more stable path of abductive reasoning supported by evidence and knowledge.
We discuss the inference creation process and the related analytic techniques in our online class “Fundamentals of Cyber Investigations and Human Intelligence” that Samuel Lolagar & I have created.
If you are a law enforcement investigator, threat analyst, criminologist, fraud analyst, investigative journalist or a curious intelligence professional interested in learning more around intelligence collection & analysis take a look at our upcoming online interactive classes.
We will be teaching essential techniques & methodologies in Open Source Intelligence (OSINT), Social Media Intelligence (SOCMINT) and Human Intelligence (HUMINT) and on how to combine the three disciplines for optimal results using examples and exercises.
To view the course outline and to register you may visit: https://elopage.com/s/fcihi
If you have questions, feel free to connect with me on LinkedIn or Twitter.
*Reprinted with permission from “YOU SEE, BUT WHAT DO YOU OBSERVE” by CHRISTINA LAKATI
Practicing and interconnecting my big passions: Social Engineering, Psychology, HUMINT & OSINT, for the sake of better cybersecurity & to help keep others safe.
Disclaimer: IPPIBlog.com is a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, regarding the content provided in IPPIBlog.com. We disclaim all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such persons and the accuracy and validity of the information provided by them. This blog is for general information only and not intended to provide legal or other professional advice.
THANK YOU RON
These are important considerations for any investigator.
I will pass this blog edition on to my colleagues
The FCIHI course sounds interesting and I hope it is a success.
I hope we take soon
All the Best
Thomas Manley Special Agent FBI- Retired